# This is /etc/squid/squid.conf <- roles/network/templates/squid/squid.conf.j2

# 2021-08-16 IIAB PR #2948 - April 2007 OLPC School Server legacy moved to:
# https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid-iiab.conf.j2.unused

http_port 3129
http_port 3128 intercept

# Some measure of privacy: mask off the lowest byte of logged IP addresses
client_netmask 255.255.255.0

# https://wiki.squid-cache.org/Features/CacheManager
# https://wiki.squid-cache.org/SquidFaq/SecurityPitfalls#The_manager_ACLs
http_access allow localhost manager
http_access deny manager

# 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
# don't work well in recent years.  So we do it manually, as explained here:
# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L45

# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
#
#         Type (ufs, aufs, or COSS)
#          |       Where
#          |         |        Size (in MB)
#          |         |         |
#          |         |         |     L1 (directories)
#          |         |         |     |  L2 (directories)
#          |         |         |     |  |
#cache_dir aufs /library/cache 20000 32 256
cache_dir ufs /library/cache 200 16 128
# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK!

{% if gw_squid_whitelist %}
#acl allow_src_ips src "/etc/squid/allow_src_ips"
acl allow_dst_domains dstdomain "/etc/squid/allow_dst_domains"
acl allow_url_regexs url_regex -i "/etc/squid/allow_url_regexs"
#acl allow_dst_ips dst "/etc/squid/allow_dst_ips"
#acl deny_url_regexs url_regex -i "/etc/squid/deny_url_regexs"
#acl deny_dst_ips src "/etc/squid/deny_dst_ips"

#http_access allow allow_src_ips
http_access allow allow_dst_domains
http_access allow allow_url_regexs
#http_access allow allow_dst_ips
#http_access deny deny_url_regexs
#http_access deny deny_dst_ips
{% endif %}

# 2021-08-16: DEFAULTS HAPPEN ANYWAY
# http_access deny all
# access_log /var/log/squid/access.log
# cache_log /var/log/squid/cache.log
# pid_filename /var/run/squid.pid
